@trigo/atrix (>=6.0.0-10 <=7.0.0-alpha5), @trigo/atrix-mongoose (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via @trigo/hapi-auth-signedlink (=1.3.0)

@trigo/hapi-auth-signedlink NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @trigo/hapi-auth-signedlink and may be impacted: - @trigo/atrix =6.0.0-10, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190829...

EUVD-2025-198848

Malicious code in @trigo/hapi-auth-signedlink npm...

Malicious code in @trigo/hapi-auth-signedlink (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed6824ae90bafaade2c426612b295defed6107b61296445aa2d1d728729c23b The package @trigo/hapi-auth-signedlink was found to contain malicious code. Source: ghsa-malware...